[ req ]
default_bits = 2048
prompt = no
default_md = sha256
req_extensions = req_ext
distinguished_name = dn

[ dn ]
CN = etcd-ca

[ req_ext ]
subjectAltName = @alt_names

[ alt_names ]
IP.1 = {{ ansible_host }}
IP.2 = 127.0.0.1
IP.3 = ::1

[ v3_ext ]
authorityKeyIdentifier=keyid,issuer:always
basicConstraints=CA:FALSE
keyUsage=keyEncipherment,dataEncipherment
extendedKeyUsage=serverAuth,clientAuth
subjectAltName=@alt_names

